Lucene search
+L

830 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:51 a.m.4 views

CVE-2023-0295

The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.5CVSS5AI score0.00537EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:49 a.m.11 views

CVE-2022-46854

Cross-Site Request Forgery CSRF vulnerability in Obox Themes Launchpad – Coming Soon & Maintenance Mode plugin = 1.0.13 versions...

8.8CVSS7.1AI score0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:9 a.m.9 views

CVE-2022-26101

Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6.1CVSS6AI score0.01383EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:49 p.m.23 views

CVE-2022-22546

Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence BI Launchpad - version 420...

5.4CVSS6AI score0.00489EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:33 p.m.6 views

CVE-2022-39799

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. This could lead to stealing session information and impersonating the affected user...

6.1CVSS5.9AI score0.0045EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:30 p.m.9 views

CVE-2020-6283

SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting XSS vulnerability. With a successful attack, the attacker can steal...

6.1CVSS6AI score0.00675EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:30 p.m.6 views

CVE-2020-6210

SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode user-controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, leading to reflected Cross-Site Scripting XSS vulnerability...

6.1CVSS6AI score0.00654EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:45 p.m.10 views

CVE-2020-6281

SAP Business Objects Business Intelligence Platform BI Launchpad, version 4.2, does not sufficiently encode user-controlled inputs, resulting reflected in Cross-Site Scripting...

6.1CVSS6.9AI score0.00784EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:37 a.m.12 views

CVE-2019-0395

SAP BusinessObjects Business Intelligence Platform Fiori BI Launchpad, before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability...

5.4CVSS6.4AI score0.00733EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/03/17 12:0 a.m.7 views

The vulnerability of the BI Launchpad component of the SAP BusinessObjects Business Intelligence Platform allows a attacker to perform cross-site scripting attacks.

The vulnerability of the BI Launchpad component of the SAP BusinessObjects Business Intelligence Platform relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...

6.4CVSS5.2AI score0.00251EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/02/11 12:35 a.m.17 views

CVE-2025-24867 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence platform (BI Launchpad)

SAP BusinessObjects Platform BI Launchpad does not sufficiently handle user input, resulting in Cross-Site Scripting XSS vulnerability. The application allows an unauthenticated attacker to craft a URL that embeds a malicious script within an unprotected parameter. When a victim clicks the link,...

6.1CVSS0.00251EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.6 views

SAP BusinessObjects BI LaunchPad 跨站脚本漏洞

SAP BusinessObjects BI LaunchPad is a standard Web portal for users of the SAP BusinessObjects Business Intelligence BI platform from SAP, Germany. A cross-site scripting vulnerability exists in SAP BusinessObjects BI LaunchPad that stems from improper input handling and can lead to a cross-site...

6.1CVSS5.9AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:34 p.m.14 views

CVE-2020-26815

SAP Fiori Launchpad News tile Application, versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external...

8.6CVSS6.7AI score0.01396EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/02/03 8:16 a.m.5 views

Malicious code in launchpad-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7e634713ebf6a8dfa6716324301d5ae77fb7e1081cc18e12d85dc9a2cce5d85a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/02/03 8:16 a.m.4 views

MAL-2025-1140 Malicious code in launchpad-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7e634713ebf6a8dfa6716324301d5ae77fb7e1081cc18e12d85dc9a2cce5d85a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/01/30 4:55 p.m.4 views

Malicious code in launchpad-ui (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

6.9AI score
Exploits0
OSV
OSV
added 2025/01/30 4:55 p.m.5 views

MAL-2025-670 Malicious code in launchpad-ui (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
UbuntuCve
UbuntuCve
added 2025/01/09 1:15 a.m.30 views

CVE-2023-28362

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

4CVSS6.4AI score0.00332EPSS
Exploits2References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/12 11:55 a.m.2 views

Malicious code in launchpad-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b1c1a2444b5a8db795db02aedebf9d8feddb28e3bc8cafcf438c5d8a086f315 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2024/11/12 11:55 a.m.4 views

MAL-2024-10618 Malicious code in launchpad-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9b1c1a2444b5a8db795db02aedebf9d8feddb28e3bc8cafcf438c5d8a086f315 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rows per page
Query Builder